
One of the bugs is an input validation error that can be exploited to execute arbitrary code if a user clicks on an untrusted link and visits a malicious website, according to Adobe and Secunia advisories.
The other vulnerability can lead to a cross-site request forgery attack, which dupes a trusted user into loading a page containing a malicious request.
In this case, a bug in Flash Player causes the HTTP Referer header to be insufficiently validated.
According to Adobe, users unable to upgrade to Flash Player version 9 can continue to use a patched version of Flash Player 7.